FirstBlood-#441 — Reflected XSS on the /login.php endpoint with the goto vulnerable parameter
This issue was discovered on FirstBlood v2
On 2021-10-25, johandu97 reported:
Improper input validation leads to attackers injecting malicious characters causing XSS vulnerabilities
- Hi @zseano, I found reflected xss on /login.php endpoint with goto vulnerable parameter
- Use payload to bypass filter: test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>, xss is executed
Validate/sanitize malicious inputs that cause xss like < > ' " ...
FirstBlood ID: 26
Vulnerability Type: Reflective XSS
The developers thought they had fixed ?goto= when reflected in an input tag on login.php from a similar bug (ID 39), but because this endpoint uses legacy code their changes were not applied here and thus the XSS was forgotten.
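Why the reported string survives filtering, and what output encoding does instead, shown as an added example that is not FirstBlood's code. The token list in `BLOCKED`, the single-pass behaviour and the exact `<input>` markup are assumptions inferred from the shape of the payload and the description above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote

# Payload string as given in the report; the server sees it URL-decoded.
PAYLOAD = 'test123"><scrip<script>t>aleralertt%601%60</scrip</script>t>'
DECODED = unquote(PAYLOAD)

# Assumption: the legacy filter deletes each of these tokens in a single pass.
BLOCKED = ("<script>", "</script>", "alert")

def strip_once(value: str) -> str:
    """Assumed legacy filter. Deleting a token can join its neighbours
    into the same token again, and nothing re-checks the result."""
    for token in BLOCKED:
        value = value.replace(token, "")
    return value

def render_legacy(goto: str) -> str:
    """Reflect goto into the input tag with token stripping only."""
    return '<input type="hidden" name="goto" value="' + strip_once(goto) + '">'

def render_encoded(goto: str) -> str:
    """Reflect goto with HTML attribute encoding instead of stripping."""
    return '<input type="hidden" name="goto" value="' + html.escape(goto, quote=True) + '">'

class TagCollector(HTMLParser):
    """Records which start tags an HTML parser sees in the rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.goto_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.goto_value = dict(attrs).get("value")

def parse(markup: str) -> TagCollector:
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector

if __name__ == "__main__":
    print("after filter :", strip_once(DECODED))
    print("legacy tags  :", parse(render_legacy(DECODED)).tags)
    print("encoded tags :", parse(render_encoded(DECODED)).tags)
```

With encoding, the parser sees a single `input` tag whose value is the original string as inert data, so no blocklist of tokens is needed for this reflection.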